]> git.ipfire.org Git - thirdparty/git.git/commitdiff
index-pack: terminate object buffers with NUL
authorDuy Nguyen <pclouds@gmail.com>
Mon, 8 Dec 2014 14:17:55 +0000 (15:17 +0100)
committerJunio C Hamano <gitster@pobox.com>
Tue, 9 Dec 2014 19:56:37 +0000 (11:56 -0800)
We have some tricky checks in fsck that rely on a side effect of
require_end_of_header(), and would otherwise easily run outside
non-NUL-terminated buffers. This is a bit brittle, so let's make sure
that only NUL-terminated buffers are passed around to begin with.

Jeff "Peff" King contributed the detailed analysis which call paths are
involved and pointed out that we also have to patch the get_data()
function in unpack-objects.c, which is what Johannes "Dscho" Schindelin
implemented.

Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Analyzed-by: Jeff King <peff@peff.net>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
builtin/index-pack.c
builtin/unpack-objects.c

index f2465ff18e413e37e92a4828429effa6bd566707..f79b04e2c47696dcdb1ca86499848669491dbffe 100644 (file)
@@ -438,7 +438,7 @@ static void *unpack_entry_data(unsigned long offset, unsigned long size,
        if (type == OBJ_BLOB && size > big_file_threshold)
                buf = fixed_buf;
        else
-               buf = xmalloc(size);
+               buf = xmallocz(size);
 
        memset(&stream, 0, sizeof(stream));
        git_inflate_init(&stream);
@@ -543,7 +543,7 @@ static void *unpack_data(struct object_entry *obj,
        git_zstream stream;
        int status;
 
-       data = xmalloc(consume ? 64*1024 : obj->size);
+       data = xmallocz(consume ? 64*1024 : obj->size);
        inbuf = xmalloc((len < 64*1024) ? len : 64*1024);
 
        memset(&stream, 0, sizeof(stream));
index 855d94b90ba019ff19832ff49a76d6cc0077e956..ac6667242c562bb7a215982754211a3e035aae8a 100644 (file)
@@ -91,7 +91,7 @@ static void use(int bytes)
 static void *get_data(unsigned long size)
 {
        git_zstream stream;
-       void *buf = xmalloc(size);
+       void *buf = xmallocz(size);
 
        memset(&stream, 0, sizeof(stream));